Privacy activists have urged top web firms to ensure they tell Phorm not to monitor communications with their users, ahead of BT's proposed deployment of its interception and profiling system.
In an open letter to privacy officers at Amazon, AOL, eBay, Facebook, Google, Microsoft and Yahoo!, campaigners claim the system, which …

COMMENTS

Phorm = Lying Bastards

Here's what they say for web site owners to preclude their web site traffic from being intercepted. They basically say you have to (1) encrypt your traffic, (2) require all visitors to log in via RFC 1945, or (3) use a robots.txt file to block *ALL* web crawlers. In other words, they are claiming the only way to transparently protect your visitors from their criminal behavior is to block *ALL* search engines of any kind from crawling & indexing your site.

Oh Phorm...

Quote: "Many of them have, like Phorm, demonstrated their commitment to user privacy as signatories to the IAB UK’s interest based advertising good practice principles."

Didn't Alexander Hanff shoot those guidelines full of holes by showing how the guidelines were less restrictive than current UK and EU law?

If I was Google, I'd be demanding Phorm for a share of the profits. Let's face it, Google gets a lot of traffic and now BT/Phorm are profiting from that. Google can either explicitly deny Phorm the right to profile searches, or it can demand a profit, which of course a struggling company like Phorm can't really afford to share. Either way, Phorm would be scuppered if Google played hardball. In fact, if Phorm goes live, wouldn't this mean that Phorm and Google are now in competition? I'm putting my money on Google.

Opt In is the only legal solution

I've asked for exclusion of my site

My puny little site has nothing of any commercial interest, but if we all write to ask for exclusion then they will have to spend time dealing with the requests.

The advice on the webpage cited is essentially to put "Agent * Disallow /" in your robots.txt, in other words to opt out of being indexed by Google, and thereby to lose all of your customers. Thank you, very helpful.

You have to email website-exclusion@webwise.com to get excluded. There is no form or other kind of automation, so some poor sod is going to have to read through all of the messages. That is, unless they ignore them.

The advice in the autoreply from this email is that your contact details have to be up to date with "whois", whereas individuals registering .uk domain names can opt out of having these on the public pages. Another attempt to bully people into surrendering their privacy.

<insert title here>

...and done.

Even looks like they are serious about it working to opt-out.

Publisher Exclusion Request Autoreply

Thank you for your submission to the Phorm website exclusion list. If there are no obvious grounds to doubt the legitimacy of the request the URL will be blocked as soon as possible, usually within 48 hours.

Requests must be made by the legitimate owner of the domain. If we have questions regarding your domain Phorm may take a number of steps, including attempting to contact the domain administrator by email for confirmation of this request. If the request remains questionable and is not confirmed within 10 days, the URL will be removed from the exclusion list and an email will be sent informing you of this decision.

Where applicable, please ensure that the Administrative Contact details for this domain are up to date. If you need to update them, please resubmit your request when the amended details are visible in the WhoIs database - (use a public whois service such as http://who.godaddy.com/whoischeck.aspx if you are unsure it has been updated)

Most intelligent answer ...

... would be to insist it be OPT-IN not opt out, and to require both the WEBSITE owner and the END USER to have actively and knowingly opted in before a third party can make use of the data in any way.

Opt-out is absolutely *NOT* an option, nor is any form of opt-in that can happen by accident.

And above all, any government official, BT or phorm employee who fails to understand and agree with the above must be deemed to have OPTED OUT of their JOB due to complete and utter incompetence.

Opt out

apples and oranges

The only network you use all the time is that of your ISP so I don't see the point of comparing BT with Korea-Network. Besides, your ISP can associate your IP address with your name while another ISP can't.

Better still...

Re:Is the opt-out global?

AFAIK, you have to opt-out of each Phorm implementer's 'service' individually.

Which is why the web-site opt-out idea is generally impractical as, for each potential visitor to your site, you have to check if their ISP is 'Phormed' and ensure *your site* has opted out.

I believe there are ways to detect Phormed visitors to your site. If they can be shown to work reliably then I favour a (polite) message to the Phormed visitor asking *them* to opt-out of Phorm/webwise and blocking access to commercially sensitive areas of your site (ie, anywhere they can browse your goods while Phorm can see what they are looking at) until they do so.

@ Andy .S

Do it dynamically

There are 2 main ways to opt out of Phorm:

- Email them, as described above, and hope that they honour your request.

- Use a robots.txt to exclude them, and hope that they honour that request.

Their suggested method to block via robots.txt will also block all other search engines, but you can implement a simple system to just block Phorm if you have dynamic scripting such as PHP available to you. See http://phormcheck.co.uk/website-tools/#robots for an example method.

Of course, if you do request opt-out via email then you're being supportive of their use of opt-out rather than opt-in. Using robots.txt is less so, but still not ideal.

But in a country whose government refuses to defend you against the privacy pirates, you've got to do whatever you can to protect yourself.

No this is wrong..

By using the method proposed by BT and Phorm you are legitimizing their position that 'Anyone can opt out'. This is wrong; the only option for this system to be legal is for users and websites to OPT IN.

If sites are asked to do this all it will do is give Phorm the ammunition to say 'look how easy it is to opt out, what is the problem?'. The problem is that the law states it must be OPT IN by both parties, ie website and user, if this doesn't happen then BT/Phorm or whoever are breaking the law.

Do not opt out, watch your logs and sue the arse off them.

This also falls if the sites that opt out do not make the fact public then there is no publicity, who will know if the campaign has had any effect? I have deep reservations about this move.

Has El Reg opted out?

We need is a list of ISPs not using (or going to use) Phorm

I don't care about cookies. (I block most anyway and delete all on exit, so I could never be sure I was enabled to disable Phorm). Also Phorm are such unscrupulous people proving they have no ethics, so I doubt (and certainly do not trust) they would even honor all cookies and they could just as easily end up say, oh sorry, a bug means we profiled larger numbers of people than we intended. They are ruthless people feeding data (for a price) to the rich and powerful. Given the historic track record of the rich and powerful, there is no reason to trust anything they say or do, as everything they do is for their own gain.

This technology has political implications. It's not simply a marketing tool. Make absolutely no mistake, they will also use it to profile political orientation which is part of opposition research. Identifying, then tracking, then making life a bit harder for political opponents is all part of the political game. Help supporters and hold back opponents. Plus NuLabour's Jacqui Smith has shown time and time again she and her lot want to profile everyone. Meanwhile the lot of them rob the country blind of billions and then they want to police us even more. No wonder, given the morally corrupt crimes they are committing against us all. (But of course, we can't actually make their morally corrupt crimes considered as officially illegal, as they write the laws, so they choose what is considered illegal). It wouldn't surprise me in the slightest to learn these cookies only control which pipes the data gets fed into for archiving. Marketing people get the filtered data. Governments get the raw data.

All we need is a list of ISPs not using (or going to use) Phorm. (That is until the Thought Police decide it's mandatory for all ISPs).

Lord Gnome

I notice that the current issue of Private Eye has a small report on the government's failure to address BT's transgressions, and a comment on the fact that NebuAd ("the US equivalent of Phorm") slunk off and disappeared - for now, anyway!

Optin

I wrote to my MP

I wrote to my MP who doesn't understand the issue since he's not technically aware. All he could do was pass on the usual information (most of it copy'n'pastes of Phorm PR) which claim the system is legal, etc.

However, it's time I wrote to him again, especially with the EC's Viviane Reding's take on the situation. Even if he doesn't understand the issues, it will momentarily bring the issue to the front of his mind, and he may well start to join the dots if others do the same.

Any Korean speakers?

Settling their hash

If I were one of those big websites, I'd wait until an ISP had been running an in-ISP BT tracker for oh, about 30 seconds, establish that it was phorging cookies with my site's name in them, and get an instant High Court 'cease and desist' injunction against the ISP and whoever supplied them with the software that did that.

Sure all those big websites are using, or considering, BT of their own.

But you think they will just let some in-ISP pipsqueak upstart BT tracker come along and muscle in?

Heh

Had a BT sales droid trying to get me to switch back a week or so ago, let her go through her script (only cost me 3 minutes of my time) established that they could, potentially, save me 3 squids per month. Right, said droid, would you consider switching back to BT. Never, says I, you are using Phorm; "Thank you, goodbye" says droid. Methinks they may be starting to get the picture. :-)

@ Midnight_Voice

"But you think they will just let some in-ISP pipsqueak upstart BT tracker come along and muscle in?"

When I first read that sentence I thought you must be related to amanfrommars, however, having re-read it, it makes perfect sense. :-)

Mine still says Phuck off Phorm on the back, and I've put it on the front too.

Don't play phorm's game

I'd strongly recommend that site operators DON'T request an opt out, it's just adding legitimacy to phorm's activities. There are normal methods of opting out of site scanning that don't involve jumping through hoops and writing emails; why should this have a different methodology requiring that WE jump to their tune?

In my case I'm going to be adding a prominent banner for every visitor coming from BT (or any other ISP that signs up) informing the visitor of what their ISP is up to, who with, and what it entails. And when someone stands up and drags this through court to protest the illegal interception of their traffic, I'll stick my hand in my pocket to help out with costs, then stick my hand out for compensation for having my traffic interfered with and IP violated.

Escaping DPI

"Serious question that hopefully someone informed can answer - will joining another ISP sort this or will my traffic still get analysed as I have a BT phone line? (no option for cable in my area)"

Phorm are not the only supplier of DPI equipment. The major contractor and supplier of equipment to networks all round the world seems to be Alcatel-Lucent and they have their own routers with DPI systems, trademarked as KindSight. Then the Cisco routers are soon to be enhanced with Feeva scripts supplying geo-demographic data supplied by the ISP injected in a header tag for every HTTP request.

Before you move ISP, ask them what the privacy policy means with the data sharing clauses. Only a handful are known that do not share data with 3rd parties.

You will know who is an ISP which respects their customers enough to rely on service to cut down on customer churn - none that I have come across tie you down to paying more than one month's notice for leaving (and it takes 2 weeks for the transfer to happen anyway).

I solved the BT phone line issue by moving to the Post Office - that is still classed as a BT phone line for broadband supply purposes: the connection is within a BT OpenReach maintained exchange.